Applications running within a vehicle or mobile host access applications running on network hosts attached to the wireline network. This is accomplished via a wireless link from a mobile host 11 through multiple roadside radio access devices 13a-13c, and associated network links from the radio access devices through a network 14 to a network host 12. Mobile host 11 may connect through multiple radio access devices 13a-13c in sequence over the course of a single application session, but experiences interruptions in connectivity while between wireless coverage areas, as shown in FIG. 1. A roadside radio access device, also known as an access point or access unit, typically provides an entrance point to a more general data communications network for radio-equipped devices within its coverage area. It may be mounted along a roadside, or in any location within radio range of the serviced mobile units. Although FIG. 1 illustrates a simplified one-to-one relationship between mobile host and network host, in practice the relationship may be many-to-many.
A mobile environment offers unique challenges for different applications. For example, with relatively short range communications (for example, 1000 m), the mobile host's communication zone is limited and its communication opportunities can be short lived.
Additionally, for mobile applications, the time duration of the connection is critical. Thus, the sooner the mobile application can reestablish its session after it reaches another area of coverage, the longer the application has to exchange useful data. Having a mobile application retain some communication state information across subsequent communications connections can maximize the opportunity to communicate, since the devices do not have to recreate context information during each connection.
Moreover, a mobile host's network address changes; for example, an Internet Protocol (IP) address changes depending on the network connection point of the mobile host. Mobile host identity is important in maintaining a communication session with the network. At the same time, mobile host identity can help the network application to track the mobile host between successive communication connections.
Finally, mobile host communications typically have security requirements such as authentication, authorization and confidentiality. Additionally, it is often desirable to disguise the identity of the mobile host, so that a third-party listener cannot draw conclusions about its communications traffic or physical movement by monitoring its activities over time. This latter requirement is known as anonymity.
A typical multi-connection communications session is shown in FIG. 2. The mobile host 11 establishes a connection 21 to the network via a radio access point 13a, and performs a communications session 23, based on a priori knowledge of the application or on an application information distribution 20, until the connection is broken 24. Later a connection is reestablished 25 through a different access point 13b, and the communications session may continue 27, after its state has been recovered through some application-specific message exchange.
Internet Protocol networking allows mobility via dynamic re-addressing of the mobile host. However, when the mobile host 11 reconnects 25 and is assigned a new address, it needs to restart its session with the network host 12 under its new identity. The network provides no continuity between the first and second connections. Any continuity is provided at the application level, for example, via a user login. This consumes extra time and network overhead.
The Host Identity Protocol (HIP) specifies protocols to exchange cryptographic key material between communicating hosts over open, public, unsecured networks. The key material can subsequently be used to establish a secure encrypted session. HIP is designed to work in the mobile environment while providing IP-based connectivity to applications. HIP is optimized to facilitate key exchange when communication time is of the essence. It is also designed to reduce the impact of frequent disconnects on the applications. HIP is considered a “layer 3.5” protocol, residing between the traditional layers 3 (network) and 4 (transport). HIP utilizes a Host Identity Tag (HIT) that remains unchanged while the mobile host's IP address can change from one communications session to the next. Instead of a conventional IP address, HIP-based applications use a fixed HIT to identify the communicating host in establishing a communication session. Encapsulating Security Payload (ESP) adds support for privacy. Likewise, the Security Architecture for IP provides a generic privacy capability. Additionally, mobility and multi-homing extensions allow hosts to report a change to their network IP address.
However, these protocols do not address anonymity. Since the same host identifier, i.e., HIT, is used in the second connection as was used in the first connection, a third party could monitor the network exchanges and track the movements of the mobile host.
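The linkability problem described above can be shown with a short privacy audit, added here as an illustration and not taken from the patent or from any HIP implementation. The function `simplified_hit` is a hypothetical stand-in for a HIT (a truncated hash of a public key, not the encoding HIP specifies), and the keys, addresses and connection records are constructed sample data.

```python
import hashlib
from collections import defaultdict


def simplified_hit(host_public_key: bytes) -> str:
    """Hypothetical stand-in for a HIT: a fixed-length tag hashed from the
    host's public key. Simplified; not the exact encoding HIP specifies."""
    return hashlib.sha256(host_public_key).hexdigest()[:32]


def linkable_identifiers(connections):
    """Return {host_id: [(access_point, ip), ...]} for every identifier that
    appears under more than one IP address. Each entry is a set of
    connections that a passive listener can attribute to one host."""
    seen = defaultdict(list)
    for conn in connections:
        seen[conn["host_id"]].append((conn["access_point"], conn["ip"]))
    return {
        host_id: observations
        for host_id, observations in seen.items()
        if len({ip for _, ip in observations}) > 1
    }


# Constructed sample data: vehicle A connects at access point 13a, loses
# coverage, then reconnects at 13b with a new IP address but the same tag.
KEY_A = b"constructed-public-key-vehicle-A"
KEY_B = b"constructed-public-key-vehicle-B"
SAMPLE_CONNECTIONS = [
    {"access_point": "13a", "ip": "192.0.2.10", "host_id": simplified_hit(KEY_A)},
    {"access_point": "13a", "ip": "192.0.2.11", "host_id": simplified_hit(KEY_B)},
    {"access_point": "13b", "ip": "198.51.100.7", "host_id": simplified_hit(KEY_A)},
]


def audit(connections=SAMPLE_CONNECTIONS):
    """Run the linkability check over the constructed sample records."""
    return linkable_identifiers(connections)


if __name__ == "__main__":
    for host_id, observations in audit().items():
        print(f"{host_id} is linkable across: {observations}")
```

Changing the IP address alone does not break the association: the audit flags vehicle A because its fixed tag appears at both access points, while vehicle B, seen only once, is not flagged.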
U.S. Pat. No. 6,574,455, entitled “Method and apparatus for ensuring security of users of Bluetooth enabled devices,” describes a method for changing device-specific information on iterative connections. In this case, a master device broadcasts a network descriptor that changes over time. As a result, any device not continuously tracking the changes is not able to associate the transmissions of the master device with its transmissions from a previous time. This approach, however, only disguises the network, not the individual devices. Moreover, U.S. Pat. No. 7,194,760, entitled “Method for protecting privacy when using a Bluetooth device,” discloses a method that causes a device to employ false addresses to prevent listeners from deducing its identity. It does not, however, provide a persistent identifier that can be used to associate a device using one false address with the same device when it uses a different address.
Therefore, there is a need for a method and system that provides persistent sessions with anonymity, in a dynamic wireless communications environment.